Hardware Management Console Readme For use with Version 8 Release 8.2.0 Service Pack 2 Contents The information in this Readme contains fix list and other package information about the Hardware Management Console. * PTF MH01607 <#MH01607> * Package information <#package> * List of fixes <#fixes> * Installation <#install> * Additional information <#additional> PTF MH01607 This package includes a fix for HMC Version 8 Release 8.2.0 Service Pack 2. You can reference this package by APAR# MB03739 and PTF MH01607. This image must be installed on top of HMC Version 8 Release 8.2.0 SP2 (PTF MH01488) with or without additional fixes . Note: This PTF supersedes MH01573, MH01581, MH01590, and MH01599. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01607.iso 1370599424 5d0bee7acef67bae20fd7c71234236127b5f25cc MB03739 MH01607 Splash Panel information (or lshmc -V output) "version= Version: 8 Release: 8.2.0 Service Pack: 2 HMC Build level 20160205.1 MH01607: Fix for HMC V8R8.2.0 SP2 (02-06-2016) ","base_version=V8R8.2.0 " Known Issues: *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. Log in again selecting the Log In option of "Classic". 2. If already logged in to the HMC using Enhanced+ GUI, log off the HMC. 3. Install using the normal installation instructions. Alternatively, install this PTF using CLI. *** * List of fixes * Fixed multiple OpenSSH vulnerabilities involving the ssh client "Roaming" feature: CVE-2016-0777 and CVE-2016-0778 *Previously released fixes also included in this PTF: * *MH01599* 01/25/16 * * * Fixed multiple OpenSSL Vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794 * Fixed multiple Java Vulnerabilities: CVE-2015-4843, CVE-2015-4868, CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4842, and CVE-2015-4803 * Fixed a security issue with HMC restricted shell * Fixed an issue where the HMC web server may intermittently deadlock. Symptoms include one or more of the following: unable to connect using a browser; browser error "Service Temporarily Unavailable"'; multiple serviceable events for E35A0016 and/or E35A0017; unable to restart due to / file system full from repeated diagnostic dumps. * MH01590* 12/22/15 * * * Fixed Pluggable Authentication Module (PAM) vulnerability: CVE-2015-3238 * Fixed multiple vulnerabilites in Websphere Liberty Profile (WLP): CVE-2015-2017, CVE-2015-1927, and CVE-2015-4938 * MH01581* 11/24/15 *Security Fixes* * Fixed multiple security vulnerabilites in curl: CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148, and CVE-2015-3153 * Fixed openssh vulnerability: CVE-2015-5600 * Fixed multiple NTP vulnerabilities: CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405 *General fixes* * Enhanced the error handling and reporting if a deadlock should occur. * Fixed a problem where an unsuccessful call home of a serviceable event incorrectly prevents the customer notification from being sent. * Fixed an issue where creating a sysplan fails may fail with error “/System plan formatting is not valid for the following reasons: Inventory Gathering/” when virtual fibre channel adapters are configured. * Fixed Repair and Verify procedure for serviceable event BA15D001 when the slot contains a 4 port Ethernet adapter. * Fixed an issue where the HMC Format media task may not detect a working USB flash drive as a possible target for the format operation. * Updated safety instructions for non-concurrent system planar and other exchanges that require part of the system to be disassembled, for POWER 8 servers. * Enhanced diagnostics for HMC Performance and Capacity Monitor related issues. * Fixed an issue where rrstartlpar command could only be executed by a user with hmcsuperadmin user role. Users with hmcoperator and hscpe roles can now execute the command; consistent with the roles required for other migration operations. * Fixed an issue where displaying server utilization snapshot data incorrectly included hourly data. * Fixed an issue where the user specified utilization data sample rate is ignored and a sample rate of 30 seconds was used instead. * Fixed an issue with a Power Supply Exchange procedure that may incorrectly cause serviceable event B1602A33 to be reported during the repair. * HMC will now display incomplete (and not save area version mismatch) if a HMC with this PTF is connected to a server that was previously managed by a HMC at a later version such as V8 R8.4.0. * Fixed an issue of where enabling “remote operation” in the GUI does not persist the firewall change to open ports 443, 12443, and 9960 (remote web access). The firewall will be disabled the next time a user changes another setting via "Change Network Settings" panel. * Updated the error message returned by lslic command when the server is not in a connected state. Old message: “/An unknown error occurred while trying to perform this command. Retry the command. If the error persists, contact your software support representative/.” New message: “/HSCF0004E An error occurred trying to survey the target FSP-P.// //Please verify the connection to the managed system./”. * Enhanced HMC diagnostics for serviceable events E2FF1801. * Fixed a problem that can result in multiple reports of serviceable events E35A0016 AND E35A0017 * Fixed a rare, intermittent problem that can cause RMC to hang; requiring an HMC reboot to recover. * Fixed an issue where after an upgrade to HMC V8 R8.2.0 Service Pack 2 (MH01488), ldap users are no longer able to login to the HMC, and lshmcldap -r user throws an exception: “/The command lshmcldap failed. / Details: /…// //Create LDAP Context// //<-> initLdapContext getting exception!// //ERROR: Can't initialize LdapContext!// //javax.naming.CommunicationException: // //exception is java.net.SocketException:// //java.security.NoSuchAlgorithmException: SSLContext Default// //implementation not found: ]// //com.sun.jndi.ldap.Connection.(Connection.java:213)// //com.sun.jndi.ldap.LdapClient.(LdapClient.java:128)// //…/ * Fixed an issue where the dhcpd lease files may grow indefinitely leading to /var disk full errors. *MH01573* 10/19/15 *Security Fixes* * Miscellaneous security updates including: o Timezone 2015f update o httpd/mod_ssl updates o krb5 updates: CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422 o ntp updates: CVE-2014-9297 and CVE-2014-9298 o strongswan updates: CVE-2015-4171 o autofs update: CVE-2014-8169 o gnutls updates: CVE-2014-8155, CVE-2015-0282, and CVE-2015-0294 * Security fix for glibc libraries (CVE-2013-7424) * Security fix for libuser library (CVE-2015-3245, CVE-2015-3246) * Security fix for net-snmp (CVE-2014-3565) *General fixes* * Fixed an issue where deploy system plan may fail with unknown error. * Fixed an issue where a serviceable event customer notification is not sent when the callhome fails. * Fixed issue with problem callhome with some blades and Flex ITEs. * Fix to include the Alternate phone (Phone2) field in the problem (PMH) contact information. * Fixed an issue where the keyboard setting may be reset to default values after reboot. * Fixed a problem where HMC may stop responding on port 12443 impacting applications such as PowerVC. * Fixed an issue with data replication to prevent an error during configuration resulting in message "The Hardware Management Console at the specified address could not be reached or is not at the appropriate level of code to be used as a data source" * Added additional pedbg collections for field issues Back to top <#ibm-content> Installation *Special Install Instructions: *Installing this PTF using the Enhanced+ interface may hang. Prior to installing this PTF using the web browser graphical interface perform the following: 1. If already logged in to the HMC using Enhanced+ GUI, log off the HMC. 2. Log in again selecting the Log In option of "Classic". 3. Install using the normal installation instructions. Alternatively, install this PTF using CLI. *** * Installation instructions for HMC Version 8 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 8 Installation methods for HMC Version 8 fixes Instructions and images for upgrading via a remote network install can be found here: HMC V8 network installation images and installation instructions Additional information Notes: 1. The Install Corrective Service task now allows you to install corrective service updates from the ISO image files of these updates. You can download these ISO image files for the HMC, and then use the ISO image file to install the corrective service update. You no longer need to burn CD-R or DVD-R media to use the ISO image file to install corrective service. 2. This image requires DVD -R media. 3. To install updates over the network, select the *.iso file on the "Select Service Package" panel of the Install Corrective Service task. The HMC application extracts the files needed to install the corrective service. If you are using USB flash media, copy the *.iso file to the flash media, and then select the file when prompted. 4. The *updhmc* command line command has also been modified to use the *.iso file. To use the command, follow the syntax in this example: updhmc -t s -h -f -u -i In all cases, the HMC application extracts the files needed to install the corrective service. Back to top <#ibm-content>